How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer

Posted by Lawrence Abrams on February 16, 2010 @ 04:54 PM · Views: 425,650

Add to Favorites!    Print Guide!

Table of Contents

1. Introduction
2. How to use Malwarebytes' Anti-Malware
3. Troubleshoot Malwarebytes' Anti-Malware

Introduction:

As you may have noticed, we use MalwareBytes', or MBAM, in a lot of our removal guides. We do this for no reason other than the fact that the program simply works well and that we can count on it to remove what it says it can. It is updated constantly throughout the day and has excellent protection on all the new malware that comes out. With that said, we feel that MalwareBytes is an important tool to have as part of your computer's security arsenal. One of the program's nicest features is that it is free and easy to use. For those, who may want more advanced features you can purchase the commercial full version to get real-time protection that will protect you from being infected in the first place. The guide below will walk you through installing, configuring, and scanning your computer with Malwarebytes' Anti-Malware.

How to use Malwarebytes' Anti-Malware:

1. Print out these instructions as we will need to close every window that is open later in the fix.
   
   
2. Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop:
   
   Malwarebytes' Anti-Malware Download Link (Download page will open in a new window)
   
   


3. Once downloaded, close all programs and Windows on your computer, including this one.
   
   
4. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
   
   
5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
   
   
6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
   
   
   
   
   
   
   
7. On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for infections.
   
   
8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.
   
   
   
   
   
   
   
9. When the scan is finished a message box will appear as shown in the image below.
   
   
   
   
   
   
   You should click on the OK button to close the message box and continue with the removal process.
   
   
10. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
    
    
11. A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.
    
    
    
    
    
    
    
    You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.
    
    
12. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
    
    
13. You can now exit the MBAM program.
    

Hopefully your computer should now be clean of any infections that may have been present. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future.

Troubleshoot Malwarebytes' Anti-Malware

Below are some common errors you may run into when attempting to use Malwarebytes' Anti-Malware.

Malwarebytes' setup program closes when you attempt to install it.

If you attempt to install Malwarebytes' and the setup program automatically closes then there is a good chance that you have an infection that is trying to stop the program from installing. To get around this, try renaming mbam-setup.exe to other names like:

• mbam-setup.com
• iexplore.exe
• explorer.exe
• userinit.exe
• winlogon.exe

After each rename, try and run the program again. If that does not work, then you may to download and run Rkill to terminate the malware processes that are stopping you.

Malwarebytes' wont start

If you attempt to run Malwarebytes' and it does not start then there is a good chance that you have an infection that is trying to stop the program from running. To get around this, try renaming C:\program files\Malwarebytes' Anti-Malware\mbam.exe to other names like:

• mbam.com
• iexplore.exe
• explorer.exe
• userinit.exe
• winlogon.exe

After each rename, try and run mbam.exe again. If that does not work, then you may to download and run Rkill to terminate the malware processes that are stopping you.

Error 732 when trying to update Malwarebytes' Anti-Malware

If you receive an Error 732 when trying to update MBAM it could be because you do not currently have an Internet connection or a malware has changed your connection settings so that you are using a proxy server. To make sure your connection has not been set to use a proxy server, please do the following steps:

1. Please start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options as shown in the image below.
   
   
   
   
   
   
   
   
2. You should now be in the Internet Options screen as shown in the image below.
   
   
   
   
   
   
   
   
   Now click on the Connections tab as designated by the blue arrow above.
   
   
3. You will now be at the Connections tab as shown by the image below.
   
   
   
   
   
   
   
   Now click on the Lan Settings button as designated by the blue arrow above.
   
   
4. You will now be at the Local Area Network (LAN) settings screen as shown by the image below.
   
   
   
   
   
   
   
   
   Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

Now try and update MBAM again.

Error 2 when installing MBAM

If you receive an Error 2 when installing MBAM then a core executable was deleted by a malware running on your computer. To fix this we will first need to download a randomized version of mbam.exe and save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. We can then run that random named executable to start Malwarebytes' and scan your computer. To do this follow these steps:

1. If you receive a code 2 error while installing Malwarebytes's, please press the OK button to close these errors as we will resolve them in future steps. The code 2 error will look similar to the image below.
   
   
   
   
   
   
   
2. As this infection deletes a core executable of Malwarebytes' we will need to download a new copy of it and put it in the C:\program files\Malwarebytes' Anti-Malware\ folder. To download the file please click on the following link:
   
   

   Malwarebytes' EXE Download

   When your browser prompts you where to save it to, please save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. When downloading the file, it will have a random filename. Please leave the filename the way it is as it is important that it is not changed. You may want to write down the name of the file as you will need to know the name in the next step.
   
   
3. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 2.
   

Now that MBAM is running, please update the program and scan your computer like normal.

Using Rkill to terminate infection processes that may be stopping MBAM from running

If all of these steps do not work, then you can download, or copy from a clean computer, the Rkill program and run it on the infected computer. Rkill will then try and terminate the infections that may be stopping you from installing MalwareBytes'. Rkill, under various names, can be downloaded from the following links:

Rkill.com
Rkill.exe
iExplore.exe
rkill.scr
uSeRiNiT.exe
WiNlOgOn.exe

Once Rkill runs, it will create a log of what applications were terminated. You can then attempt to start the installation of MalwareBytes or start the program again.

For more detailed troubleshooting information, please see this topic at the Malwarebytes' site.